I have a directory 'admin' that has been .htaccess'ed off. Ie, If you point your browser at that directory, you will be prompted with an HTTP authentication dialog. Nothing special about PHP or MySQL there. I like the security that .htaccess and Apache give me.
Now, I have users in a MySQL table with md5 passwords stored for each. These users use an HTML form to log in to my site. Some of these users are admin users. When these admin users log in, I'd like them to have access to the 'admin' directory without being prompted with the HTTP authentication dialog. Is there anyway to use PHP to tell Apache that a user has been authenticated and that it need not throw up the HTTP authentication dialog? In case any of the foregoing is unclear, here's the process I want: 1. A non-authenticated user tries to access the directory 'admin', so Apache tosses up the HTTP authentication dialog. If they enter their user name and password, they will be admitted (done without PHP or MySQL, .htaccess and a passwd file). 2. A non-admin user authenticates with my HTML form, then they try to hit the 'admin' directory. The same thing happens as above. 3. An admin user authenticates with my HTML form, PHP tells Apache that this user has been authenticated. Then the user goes to the 'admin' directory, and is admitted without any other authentication. So, another question: To solve this problem from a different angle, is there a way to have Apache's .htaccess specify SQL to determine a user's credentials? Ie, when they visit the 'admin' directory, Apache could look up their record in the user table and determine if they are an admin. Sorry for the long explanation, but I wanted to make sure I was clear as this is a little bit of a funky request. Thanks, Dave -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
